
Research On The Role-Based Cross-Domain Usage Control Model And Its Application

Posted on: 2013-03-23
Degree: Master
Type: Thesis
Country: China
Candidate: Z M Liu
GTID: 2248330371484602
Subject: Computer application technology
Abstract/Summary:
As the Internet expands, the need to share information and exchange resources in distributed open environments is growing rapidly. Multi-domain interoperation improves resource utilization by providing a means of sharing resources, but it also introduces cross-domain security problems. How to implement cross-domain authorization and access control has become a key problem in the security field and has important research value. Access control in a multi-domain environment is heterogeneous, concurrent and dynamic, whereas traditional role-based access control is centralized and cannot meet the security requirements of multi-domain interoperation in a distributed open environment. Usage control is a new-generation access control model that can meet the requirements of mutable attributes and continuous control found in current information system security.

This thesis addresses the security requirements of interoperation among multiple domains and, building on the RBAC and UCON models, studies in depth a role-based cross-domain usage control model and the techniques for applying it. The main work is as follows:

(1) A role-based cross-domain usage control model, CDUCON, is proposed. After analyzing several access control models in common use today and their limitations, the concept of a role is introduced into the UCON model to make authorization easier to manage. Based on an analysis of the security requirements of access control in distributed environments, a role-based cross-domain UCON model is constructed that uses an attribute mapping mechanism to address multi-domain environments and the limitations of role mapping. The model combines the authorization mechanism of RBAC with the framework of the UCON model, and the attribute and authorization elements of the UCON model are studied in depth.

(2) The mapping mechanism and authorization rules of the CD_UCON model are studied. The model achieves interoperation through mapping rules and meets the requirements of mutable attributes and continuous control. The practical application and security of the CD_UCON model are then discussed in the context of a material purchase management system.

(3) Time characteristics of access control are introduced into the CD_UCON model and studied, and a time-constrained CD_UCON model is proposed. The time characteristics are then extended by relating user attributes to them, so that the time restrictions on a user's access to resources can be controlled dynamically.

(4) The model is implemented in a material purchase management system. From the perspective of the system's application environment, the security requirements and access control needs of material purchase management are identified, and the features of both the RBAC and UCON models are incorporated into the material purchase management system. The framework of the access control module and its database implementation are then presented, with examples illustrating how the model is applied to the material purchase management system.
Keywords/Search Tags:Usage control, Role, Time restriction, Cross domain, Material purchase management